[clamav-users] LibClamAV Error: yyerror(): test.yar line 6 undefined identifier "filename"
Axb
axb.lists at gmail.com
Thu Aug 11 17:26:15 UTC 2016
I picked the filename condition from a sample rule on a web site with a
number of yara rules.
Too bad I didn't bookmark it...
Will try to find it again.
On 08/11/2016 05:08 PM, Steven Morgan wrote:
> filename does not appear as a yara keyword:
>
> http://yara.readthedocs.io/en/latest/writingrules.html
>
> Is it a new keyword not yet in a released version of yara? Did you mean
> filesize?
>
> On Thu, Aug 11, 2016 at 5:21 AM, Axb <axb.lists at gmail.com> wrote:
>
>> Guys,
>>
>> clamscan --database=test.yar blah.html
>> LibClamAV Error: yyerror(): test.yar line 6 undefined identifier
>> "filename"
>> LibClamAV Error: cli_loadyara: failed to parse rules file test.yar, error
>> count 1
>> test.yar: OK
>> blah.html: OK
>>
>> test.yar
>> rule TEST_BLAH_FILENAME
>> {
>> strings:
>> $BLAH = "blah"
>> condition:
>> $BLAH and filename == "blah.html"
>> }
>>
>> Am I missing something? or is filename unsupported by ClamAV's YARA engine?
>>
>> Thanks!
>> Axb
>> _______________________________________________
>> Help us build a comprehensive ClamAV guide:
>> https://github.com/vrtadmin/clamav-faq
>>
>> http://www.clamav.net/contact.html#ml
>>
> _______________________________________________
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>
More information about the clamav-users
mailing list